|
| From: | Isaac Keslassy |
| Subject: | Re: upcoming gnubg features + button survey |
| Date: | Fri, 17 Feb 2023 22:31:07 +0200 |
| User-agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 |
Russ,1) DISABLING BY DEFAULT: Many thanks for the feedback, I never thought of this issue! I did already put checkboxes to disable it (1) in the menu options, and (2) in the window that asks whether to go to the gnubg website to upgrade.
The problem of disabling it by default is that the vast majority of users won't look for it in the options and will stay with old gnubg versions.
How about the following idea: It is disabled by default, as you suggested. We record the day that the user starts using a given version of gnubg. Then, 1-2 months later, gnubg asks the user whether to enable the feature and automatically look online for updates? So it's opt-in rather than opt-out, but with a one-time nagging.
2) RANDOM DICE: For the record, it looks like the default random number generator relies on Mersenne (dice.c, line 75), so it doesn't go online. Mersenne uses some genrand_int32 function (cf. RollDice function in dice.c), which seems to be an implementation from 1997-2002 in lib/19937ar.c
It seems that it has been updated online in 2011 (http://www.math.sci.hiroshima-u.ac.jp/m-mat/MT/emt.html), if someone wants to introduce that in gnubg.
Gnubg could also implement urandom, but then this would be platform-specific. It seems that Windows has something as well: https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom Developing platform-dependent functions sounds like extra work, but I am no expert, so anyone should feel free to introduce it if it looks like a needed feature.
Thanks, - Isaac On 17-Feb-23 6:58 PM, Russ Allbery wrote:
Isaac Keslassy <isaac@technion.ac.il> writes:In addition, (7) gnubg will automatically check is there is a newer gnubg version online.Would it be possible to provide a way for distribution packagers to set the default for this option to disabled? Debian has users who are extremely sensitive to software reporting their activities to anywhere on the Internet without their explicit consent, so we have a general distribution policy to not enable checks like this by default. (There is unfortunately no way that I know of to check for a newer version without telling some server that someone just ran gnubg.) (That reminds me that I think gnubg is probably also using random.org by default and probably should use /dev/urandom by default instead on Debian.) I'd of course document this change and explain how to turn it back on for anyone who wants it. -- Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/> External e-mail, be judicious when opening attachments or links
| [Prev in Thread] | Current Thread | [Next in Thread] |